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CLAIMS: 

What is claimed is: 

1. A network data processing system for identifying, locating, and deleting 
viruses, comprising: 
5 a local server; 

a plurality of client data processing systems; and 

a bait server, wherein 

the bait server monitors itself and, responsive to an attempt from an offending 
system within the network data processing system to access the bait server, the bait 
10 server broadcasts an indication that a virus attack is underway to all devices within 
the network data processing system, ignores all further access requests by the 
offending system until receiving an indication that the offending system has been 
disinfected, and directs the local server to disconnect the offending system from the 
network data processing system. 

15 2. The network data processing system as recited in claim 1, wherein the address 
of the bait server is not published to the plurality of client data processing systems. 

3. The network data processing system as recited in claim 1, wherein the 
offending system includes more than one data processing system. 

4. The network data processing system as recited in claim 1, wherein the 
20 offending system includes the local server. 

5. The network data processing system as recited in claim 1, wherein the 
offending system includes a client data processing system. 
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6. The network data processing system as recited in claim 1, wherein the attempt 
from the offending system to access the bait server comprises an attempt to write to 
the bait server. 

7. The network data processing system as recited in claim 1, wherein the virus is 
5 a worm. 

8. The network data processing system as recited in claim 1, wherein the virus is 
a Trojan horse. 

9. The network data processing system as recited in claim 1, wherein the network 
data processing system is configured to, once the offending system has been 

10 disinfected of the client, allow the offending system to reconnect to the network data 
processing system. 

10. A method for detecting the presence of a computer virus, the method 
comprising; 

receiving, at a bait server, a request to perform a function on the bait server; 
15 identifying an offending system from which the request originated; 

alerting a local server that a virus attack is in progress and of the identity of 
the offending system; and 

directing the local server to disconnect the offending system from the network. 

11. The method as recited in claim 10, further comprising: 

20 prior to disconnecting the offending system, notifying the offending system 

that it is infected with a virus. 
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12. The method as recited in claim 10, further comprising: 
receiving a reconnect request from the offending system; 

verifying that the offending system is disinfected and available to reconnect to 
the network; and 
5 reconnecting the offending system to the network. 

13. A method in a bait server for detecting the presence of a computer virus, the 
method comprising: 

monitoring files within the bait server; and 

responsive to a change in one or more of the files within the bait server, 
10 notifying a local server that a virus attack is underway. 



14. The method as recited in claim 13, wherein the change in one or more of the 
files includes a change in byte size of the one or more of the files. 

15. The method as recited in claim 13, wherein the change in one or more of the 
files includes one of a missing and a deleted file. 

15 16. A method in a bait server for detecting the presence of a computer virus, the 
method comprising: 

monitoring a network for the presence of a computer virus; 
responsive to a determination that a virus is detected, determining the identity 
of an offending system within the network from which the virus entered the network; 
20 and 

directing the local server to disconnect the offending system from the network. 
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17. The method as recited in claim 16, further comprising: 

instructing all devices within the network to ignore all requests from the 
offending system until the offending system has been disinfected and is available for 
network communication. 



5 18. The method as recited in claim 16, further comprising: 

notifying a local server of the presence of the virus and the identify of the 
offending system. 



19. The method as recited in claim 16, further comprising: 
responsive to an indication that the offending system has been disinfected and 

responsive to a reconnect request from the offending system, reconnecting the 
offending system to the network. 

20. A computer program product in a computer readable media for use in a data 
processing system for detecting the presence of a computer virus, the computer 
program product comprising; 

15 first instructions for receiving, at a bait server, a request to perform a function 

on the bait server; 

second instructions for identifying an offending system from which the request 
originated; 

third instructions for alerting a local server that a virus attack is in progress 
20 and the identity of the offending system; and 

fourth instructions for disconnecting the offending system from a network. 

21. The computer program product as recited in claim 20, further comprising: 
fifth instructions for, prior to disconnecting the offending system, notifying 

the offending system that it is infected with a virus. 
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22. The computer program product as recited in claim 20, further comprising: 
fifth instructions for receiving a reconnect request from the offending system; 
sixth instructions for verifying that the offending system is disinfected and 

available to reconnect to the network; and 
5 seventh instructions for reconnecting the offending system to the network, 

23. A computer program product in a computer readable media for use in a data 
processing system in a bait server for detecting the presence of a computer virus, the 
computer program product comprising: 

first instructions for monitoring files within the bait server; and 
10 second instructions for responsive to a change in one or more of the files 

within the bait server, notifying a local server that a virus attack is underway. 

24. The computer program product as recited in claim 23, wherein the change in 
one or more of the files includes a change in byte size of the one or more of the files, 

25. The computer program product as recited in claim 23, wherein the change in 
15 one or more of the files includes a missing file. 

26. A computer program product in a computer readable media for use in a data 
processing system in a bait server for detecting the presence of a computer virus, the 
computer program product comprising: 

first instructions for monitoring a network for the presence of a computer 

20 virus; 

second instructions, responsive to a determination that a virus is detected, for 
determining the identity of an offending system within the network from which the 
virus entered the network; and 

third instructions for disconnecting the offending system from the network. 
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27. The computer program product as recited in claim 26, further comprising: 
fourth instructions for instructing all devices within the network to ignore all 

requests from the offending system until the offending system is reauthorized for 
network communication. 

28. The computer program product as recited in claim 26, further comprising: 
fourth instructions for notifying a local server of the presence of the virus and 

the identify of the offending system. 

29. The computer program product as recited in claim 26, further comprising: 
fourth instructions, responsive to an indication that the offending system has 

been disinfected and responsive to a reconnect request from the offending system to 
the local server, for reconnecting the offending system to the network. 

30. A system for detecting the presence of a computer virus, the system 
comprising; 

a receiver, at a bait server, which receives a request to perform a function on 
the bait server; 

an identifying unit which identifies an offending system from which the 
request originated; 

an virus alert unit which alerts a local server that a virus attack is in progress 
and the identity of the offending system; and 

disconnection unit which disconnects the offending system from a network. 

31. The system as recited in claim 30, further comprising: 

a notification unit which, prior to disconnecting the offending system, notifies 
the offending system that it is infected with a virus. 
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32. The system as recited in claim 30, further comprising: 

a reconnect request unit which receives a reconnect request from the offending 

system; 

a verification unit which verifies that the offending system is authorized to 
5 reconnect to the network; and 

a reconnecting unit which reconnects the offending system to the network. 

33. A system in a bait server for detecting the presence of a computer virus, the 
system comprising: 

a monitoring unit which monitors files within the bait server; and 
10 a notification unit which, responsive to a change in one or more of the files 

within the bait server, notifies a local server that a virus attack is underway. 

34. The system as recited in claim 33, wherein the change in one or more of the 
files includes a change in byte size of the one or more of the files. 

35. The system as recited in claim 33, wherein the change in one or more of the 
15 files includes a missing file. 

36. A system in a bait server for detecting the presence of a computer virus, the 
system comprising: 

a monitoring unit which monitors a network for the presence of a computer 

virus; 

20 an identifier which, responsive to a determination that a virus is detected, 

determines the identity of an offending system within the network from which the 
virus entered the network; and 

a disconnection unit which disconnects the offending system from the 
network. 
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37. The system as recited in claim 36, further comprising: 

a network protection unit which instructs all devices within the network to 
ignore all requests from the offending system until the offending system is 
reauthorized for network communication. 

38. The system as recited in claim 36, further comprising: 

a notification unit which notifies a local server of the presence of the virus and 
the identify of the offending system. 

39. The system as recited in claim 36, further comprising: 

a reconnection unit which, responsive to an indication that the offending 
system has been disinfected and responsive to a reconnect request from the offending 
system, reconnects the offending system to the network. 
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